Resolve TokenAudience from host metadata for account hosts#714
Draft
hectorcast-db wants to merge 1 commit intohectorcast-db/stack/port-4-resolve-metadata-on-initfrom
Conversation
hectorcast-db
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
hectorcast-db
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
|
If integration tests don't run automatically, an authorized user can run them manually by following the instructions below: Trigger: Inputs:
Checks will be approved automatically on success. |
hectorcast-db
changed the base branch from
main
to
hectorcast-db/stack/port-4-resolve-metadata-on-init
This was referenced Mar 19, 2026
github-merge-queue bot
pushed a commit
that referenced
this pull request
Mar 19, 2026
## 🥞 Stacked PR - [**#710 Add cloud field to HostMetadata**](#710) [[Files](https://github.com/databricks/databricks-sdk-java/pull/710/files)] - [#711 Fix GetWorkspaceClient for unified account hosts](#711) [[Files](https://github.com/databricks/databricks-sdk-java/pull/711/files)] - [#712 Add test for GetWorkspaceClient with SPOG host](#712) [[Files](https://github.com/databricks/databricks-sdk-java/pull/712/files)] - [#713 Call resolveHostMetadata on Config init](#713) [[Files](https://github.com/databricks/databricks-sdk-java/pull/713/files)] - [#714 Resolve TokenAudience from host metadata for account hosts](#714) [[Files](https://github.com/databricks/databricks-sdk-java/pull/714/files)] - [#718 Make GCP SA token refresh non-blocking](#718) [[Files](https://github.com/databricks/databricks-sdk-java/pull/718/files)] - [#719 Add integration test for host metadata resolution](#719) [[Files](https://github.com/databricks/databricks-sdk-java/pull/719/files)] - [#720 Remove unified flag usage, rely on host metadata](#720) [[Files](https://github.com/databricks/databricks-sdk-java/pull/720/files)] --------- ## Summary Port of Go SDK [#1512](databricks/databricks-sdk-go#1512). Adds a `cloud` field to `HostMetadata` that is populated from the `/.well-known/databricks-config` discovery endpoint. **Why:** Today, `isAws()`, `isAzure()`, and `isGcp()` infer cloud type by suffix-matching the workspace hostname against a hardcoded list of known DNS zones. This works for standard deployments but fails for non-standard hostnames (custom vanity domains, unified hosts, etc.). The discovery endpoint is the authoritative source and already returns a `cloud` field, but the SDK was discarding it. **Changes:** - `HostMetadata`: new `cloud` field (`@JsonProperty("cloud")`), getter, and 4-arg constructor - `HostMetadataTest`: deserialization with/without cloud, constructor tests `NO_CHANGELOG=true` ## Test plan - [x] `HostMetadataTest`: 4 tests for cloud field deserialization and constructors
Port of Go SDK #1543. When resolveHostMetadata() runs on an account host and tokenAudience is not already set, automatically sets it to the accountId. This enables OIDC token exchange to work correctly for account-level operations without explicit TOKEN_AUDIENCE config. Co-authored-by: Isaac
hectorcast-db
force-pushed
the
hectorcast-db/stack/port-4-resolve-metadata-on-init
branch
from
27e8e10 to
c37f21f
Compare
hectorcast-db
force-pushed
the
hectorcast-db/stack/port-5-token-audience-from-metadata
branch
from
f8a984d to
f1240ce
Compare
hectorcast-db
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
hectorcast-db
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
hectorcast-db
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
hectorcast-db
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
github-merge-queue bot
pushed a commit
that referenced
this pull request
Mar 19, 2026
## 🥞 Stacked PR - [#710 Add cloud field to HostMetadata](#710) [[Files](https://github.com/databricks/databricks-sdk-java/pull/710/files)] - [**#711 Fix GetWorkspaceClient for unified account hosts**](#711) [[Files](https://github.com/databricks/databricks-sdk-java/pull/711/files)] - [#712 Add test for GetWorkspaceClient with SPOG host](#712) [[Files](https://github.com/databricks/databricks-sdk-java/pull/712/files)] - [#713 Call resolveHostMetadata on Config init](#713) [[Files](https://github.com/databricks/databricks-sdk-java/pull/713/files)] - [#714 Resolve TokenAudience from host metadata for account hosts](#714) [[Files](https://github.com/databricks/databricks-sdk-java/pull/714/files)] - [#718 Make GCP SA token refresh non-blocking](#718) [[Files](https://github.com/databricks/databricks-sdk-java/pull/718/files)] - [#719 Add integration test for host metadata resolution](#719) [[Files](https://github.com/databricks/databricks-sdk-java/pull/719/files)] - [#720 Remove unified flag usage, rely on host metadata](#720) [[Files](https://github.com/databricks/databricks-sdk-java/pull/720/files)] --------- ## Summary Port of Go SDK [#1517](databricks/databricks-sdk-go#1517). Fixes `getWorkspaceClient()` for unified account hosts that don't follow the standard environment DNS zone pattern (e.g. SPOG/unified hosts). Previously, the workspace host was always constructed via `getDeploymentUrl(ws.getDeploymentName())`, which blindly appends the environment's DNS zone. For unified hosts where the account and workspace share the same host, this produces an incorrect URL. **Changes:** - `AccountClient.getWorkspaceClient()`: clones config instead of mutating `this.config` for unified hosts **Note:** `AccountClient.java` is a generated file. The template needs to be updated. `NO_CHANGELOG=true` ## Test plan - [x] `AccountClientTest`: existing tests pass
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🥞 Stacked PR
Summary
Port of Go SDK #1543.
When
resolveHostMetadata()runs on an account host andtokenAudienceis not already set, automatically sets it to theaccountId. This enables OIDC token exchange to work correctly for account-level operations without explicitTOKEN_AUDIENCEconfiguration.Changes:
DatabricksConfig.resolveHostMetadata(): setstokenAudience = accountIdfor ACCOUNT clients when not already configuredtestResolveHostMetadataSetsTokenAudienceForAccountHost,testResolveHostMetadataDoesNotOverwriteTokenAudienceNO_CHANGELOG=trueTest plan
DatabricksConfigTest: token audience resolution tests pass